The objective of this post is to help understand and discuss AOS-CX IPv6 - Stateful DHCP
We covered AOS-CX IPv6 - IPv6 address types, Link Local Addresses, solicited-node multicast addresses, duplicate address detection, ICMPv6 Neighbor Solicitation/NS, GUA for BGP peering, GUA for inter subnet connectivity, Unique Local Addresses, SLAAC, EVPN VXLAN, EVPN VXLAN with multicast and Stateless DHCP previously in
https://community.arubanetworks.com/discussion/aos-cx-ipv6-link-local-addresses
https://community.arubanetworks.com/discussion/aos-cx-ipv6-link-local-addresses-part-2
https://community.arubanetworks.com/discussion/aos-cx-ipv6-global-unicast-addresses
https://community.arubanetworks.com/discussion/aos-cx-ipv6-unique-local-addresses
https://community.arubanetworks.com/discussion/aos-cx-ipv6-slaac
https://community.arubanetworks.com/discussion/aos-cx-ipv6-evpn-vxlan
https://community.arubanetworks.com/discussion/aos-cx-ipv6-evpn-vxlan-with-multicast
https://community.arubanetworks.com/discussion/aos-cx-ipv6-stateless-dhcp
Stateful DHCP which depends on ICMPv6 Router Advertisement/RA can be used to assign IPs to hosts.
The difference between Stateless DHCP and Stateful DHCP is Stateless DHCP doesn't utilize the remote DHCP server to assign IPs, while Stateful DHCP will utilize the DHCP server to assign IPs, which also means the DHCP server will keep track of DHCP assignments when Stateful DHCP is used.
DHCP and DHCPv6 are used interchangeably in this post.
Stateful DHCP:
- Allows GUA IPv6 addresses to be dynamically allocated to hosts from a DHCP server
- Allows a host to uses the RA to derive IP addressing and default gateway info.
- Default gateway information is sent in the RA and the router link local address is typically used as the default gateway
- A DHCP server can provide additional information (DNS server, domain name etc)
The ICMPv6 RA sent by the L3 default gateway will provide default gateway information and guide host behavior with regards to IPv6 address assignment.
However, final behavior is still dependent on the host OS , e.g. Some hosts might not support DHCPv6, some hosts might use SLAAC if the DHCPv6 server is unreachable.
Managed address configuration (M), Other Configuration (O) and Autonomous address-configuration (A) flag bit combinations in the RA message will help IPv6 hosts determine if SLAAC or DHCPv6 should be used.
We will use this topology, an AOS-CX switch, a DHCP server, a windows host and a linux host can be seen in our example.
ULA on Lo0 is used to verify hosts can communicate beyond their local subnet.
This sample config will set the M flag to 1/on, O flag to 0/off and not send A flag to indicate Stateful DHCP should be used by hosts.
dhcpv6-relay
!
interface vlan2002
ipv6 address 2001:db8:2002::2/64
active-gateway ipv6 mac 00:00:00:00:00:01
active-gateway ipv6 fe80::1
! We assume VSX and active-gateway is used for default gateway redundancy
ipv6 nd prefix 2001:db8:2002::2/64 no-advertise
! Do not advertise prefix as A flag = 1 indicates SLAAC should be used
ipv6 nd ra managed-config-flag
! Set M flag to 1/on
no ipv6 nd suppress-ra
! Allow RA, it is suppressed by default
ipv6 helper-address unicast 2001:db8:2000::5
! DHCPv6 relay to remote DHCPv6 server
Here is a packet capture of the RA sent to ff02::1 (all hosts).
Here is a screenshot of a Windows DHCP server with scope options.
Here is a screenshot of a Windows host with DHCP working as expected.
You can see it has an IPv6 GUA ending with :5564.
It uses link local fe80::1 as default gateway to communicate beyond it's local subnet.
It has DNS server and DNS search list from DHCP server.
It can ping to the ULA using it's link local default gateway.
Here is a packet capture of the DHCP relay response from the DHCP server to the AOS-CX switch.
Here is a screenshot of a Linux host with DHCP working as expected.
You can see it has an IPv6 GUA ending with :475a.
It has DNS server and DNS search list from RA.
It uses link local fe80::1 as default gateway to communicate beyond it's local subnet.
It can ping to the ULA using it's link local default gateway.
From the switch perspective.
AOS-CX# sh ipv6 nei
IPv6 Address MAC Port Physical Port State
---------------------------------------------------------------------------------------------------------------------------------------------------
2001:db8:2002:0:d094:4d2e:84fe:475a 00:50:56:9e:37:55 vlan2002 1/1/47 reachable <- Linux host
fe80::6101:49e6:c661:e386 00:50:56:9e:63:9a vlan2002 1/1/47 reachable <- Windows host
fe80::791a:9c93:73de:9949 00:50:56:9e:37:55 vlan2002 1/1/47 reachable <- Linux host
fd25:bccf:1ffa:1000::a f4:03:43:80:4a:00 1/1/33 1/1/33 reachable
2001:db8:2002:0:692e:c7d5:dfa4:5564 00:50:56:9e:63:9a vlan2002 1/1/47 reachable <- Windows host
fe80::f403:4301:480:4a00 f4:03:43:80:4a:00 1/1/33 1/1/33 reachable
Total Number Of IPv6 Neighbors Entries Listed: 6.
--------------------------------------------------------------------------------------------------------------------
We can see windows host (MAC ending with 63:9a) has IPv6 neighbor mapping for it's IPv6 GUA address (ending with :5564) and link local address.
This means the IPv6 address (ending with :5564) is used to communicate beyond the subnet.
While the linux host (MAC ending with 37:55) has IPv6 neighbor mapping for it's IPv6 GUA address (ending with :475a) and link local address.
This means the IPv6 addresses (ending with :475a) is used to communicate beyond the subnet.
------------------------------
DWan
------------------------------